Ok so I see that this site is a forum which tend to be somewhat insecure though I'm not judging with just a glance. Does VT protect itself from SQL injection attacks? If not well... eek. I also see that this site is under http:// and not https:// meaning that this site is not too secure with something like credit info (not thta youd ever put it here in the first place) But how secure do you guys think it is? Has it ever been attacked before?

We do however currently have sufficient security for our needs, and we do regular updates to ensure that is the case. If you have any other questions, you can send a PM to one of us, but there's not much else that we can share.

Not sure how secure it needs to be, What are they going to get if someone breaks in?

Our Email address?
Some private messages?
Play around with someones Blog?

The Fourms are public so there is no need to secure them.

I disagree buddy, they will have a database of everyone's email and their password hash... if that gets out there and users use the same email/ password combo for other sites (which many inevitably do) then it could be a massive problem for the affected users. So security should always be taken seriously

They also have your IP address which is your computer's identification and can hack your computer and get passwords to sites like your bank if you have an account and anything stored on your computer. The likelyhood of that hapening is slim to none but you can't be to careful.

Ok everybody my main question was just about sql injection and if attackers could break into accounts that way. if they can, IT NEEDS TO BE FIXED. I can test it if an admin or high high up gives permission. Otherwise it is most likely illegal. The threat would be spammers and attackers being able to post, add, remove or many things from that user account. If sql injection isnt protected against admins accounts and the acp could be taken control of, users could be banned, spam would easily run free etc. And I'm just speaking for sql. Many other breach methods exist as you should nearly all know. Thank you and please respond if you can add to this
(And no I have 0 worry about my info contained here being gained but I don't wanna get banned )
Hjhj

Ok so I see that this site is a forum which tend to be somewhat insecure though I'm not judging with just a glance. Does VT protect itself from SQL injection attacks? If not well... eek. I also see that this site is under http:// and not https:// meaning that this site is not too secure with something like credit info (not thta youd ever put it here in the first place) But how secure do you guys think it is? Has it ever been attacked before?

(And no I'm not trying to steal people's VT accounts.)

Quote:

Originally Posted by hjhj

Ok everybody my main question was just about sql injection and if attackers could break into accounts that way. if they can, IT NEEDS TO BE FIXED. I can test it if an admin or high high up gives permission. Otherwise it is most likely illegal. The threat would be spammers and attackers being able to post, add, remove or many things from that user account. If sql injection isnt protected against admins accounts and the acp could be taken control of, users could be banned, spam would easily run free etc. And I'm just speaking for sql. Many other breach methods exist as you should nearly all know. Thank you and please respond if you can add to this
(And no I have 0 worry about my info contained here being gained but I don't wanna get banned )
Hjhj

Sorry, maybe it's just me, but some of the language you use, some of the words you choose to use in your posts, makes me rather uncomfortable about your abilities and/or intentions. Not sure if I'd even rule out a threat or not.

Just saying.

I'd Take Val's offer to talk about this with admin instead of here like this
Just how I'm seeing it

I highlyyyy doubt the site is vulnerable to SQI injections xD I think some members are getting a little paranoid, to do attacks like SQI injections and XXS attacks the site has to be vulnerable to them, VT is not.

I highlyyyy doubt the site is vulnerable to SQI injections xD I think some members are getting a little paranoid, to do attacks like SQI injections and XXS attacks the site has to be vulnerable to them, VT is not.

Sorry, maybe it's just me, but some of the language you use, some of the words you choose to use in your posts, makes me rather uncomfortable about your abilities and/or intentions. Not sure if I'd even rule out a threat or not.

Just saying.

I'd Take Val's offer to talk about this with admin instead of here like this
Just how I'm seeing it

Lol I'm not a hacker nor do I have bad intentions. I do know that the sql injection attacks have had a protection on many sites tho I just wondered about VT lol
Hope everyone has a good while

I disagree buddy, they will have a database of everyone's email and their password hash... if that gets out there and users use the same email/ password combo for other sites (which many inevitably do) then it could be a massive problem for the affected users. So security should always be taken seriously

Yes, of course there will be people who use the same pwd for lotsa sites.